Store

OCR: The HIPAA enforcer?

HIM-HIPAA Insider, August 10, 2009

You know the "what" when it comes to HIPAA privacy and security enforcement: New federal laws this year include larger monetary fines, periodic audits, civil-suit authority to state attorneys general, and new HIPAA Security Rule compliance to business associates (BAs) of covered entities.

You now know the "who": The Office for Civil Rights (OCR), long the HIPAA Privacy Rule warden, inherits the security rule per a July 27 announcement by HHS Secretary Kathleen Sebelius.

But for covered entities, "when" and "how much" remain the bigger questions. When will this stepped-up enforcement arrive? And how regular will it be?

"I think the initial intent is to combine privacy and security investigations, audits, etc., in one division given [that] many security violations/breaches lead to privacy breaches," says Chris Apgar, CISSP, president of Apgar & Associates in Portland, OR. "It's logical that there be one enforcement shop for privacy and security. As far as what it means on the auditing side, that's likely not something we will know until next year."

*MAGNET™, MAGNET RECOGNITION PROGRAM®, and ANCC MAGNET RECOGNITION® are trademarks of the American Nurses Credentialing Center (ANCC). The products and services of HCPro are neither sponsored nor endorsed by the ANCC. The acronym "MRP" is not a trademark of HCPro or its parent company.